
IPv6 intro creates spam-filtering nightmare

Blacklist extinction looms


The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones. IPv6 promises 3.4 x 10^38 addresses compared to the paltry 4.3 billion (4.3 x 10^9) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one (key) component in a multi-stage junk mail filtering process that also involves examining message contents.

"The primary method for stopping the majority of spam used by email providers is to track bad IP addresses sending email and block them – a process known as IP blacklisting," explained Stuart Paton, a senior solutions architect at spam-filtering outfit Cloudmark. "With IPv6 this technique will no longer be possible and could mean that email systems would quickly become overloaded if new approaches are not developed to address this."

Other security technologies also track IP addresses for various purposes, including filtering out sources of denial of service attacks, click fraud and search engine manipulation. Tracking a vastly expanded IP address space will make life much harder for network defenders, Paton warns.

"As an example, the address space is so large that it would be easy for spammers to use a single IP address just once to send a single email," he said.

The information security industry and ISPs need to collaborate on resolving the problem so that inboxes are not flooded with more junk mail thanks to the introduction of the new internet-address protocol. In the meantime, Cloudmark suggests interim restrictions might need to be applied to preserve existing systems.

"Cloudmark advocates that ISPs do not initially need to be able to receive mail from IPv6 addresses (on inbound) except from their own customers (known as outbound)," Paton explained. "This would ensure business continuity for ISPs and provisioning of ADSL/Cable modems to continue. This measure will also protect the IPv4 reputation system that is currently in use and working well."

Paul Wood, an anti-spam expert at Symantec.cloud (formerly MessageLabs), confirmed that other security firms are also considering whether to apply tougher controls on mail from IPv6 networks. "It [IPv6] is definitely a real area of concern in the anti-spam community, and opinion varies on whether businesses should accept mail on IPv6 or not for this reason," Wood told El Reg. "I'm of the opinion that at least for the moment they shouldn't, unless the connections are from a trusted source."
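
The interim policy both men describe, accepting IPv6 mail only from an ISP's own customers or trusted sources while IPv4 connections stay subject to the existing blacklist, can be sketched as a connection-time check. This is an added example, not code from Cloudmark, Symantec or the article; the prefixes, blacklist entries and function names are constructed for illustration using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation ranges), not real reputation data.
CUSTOMER_V6_PREFIXES = [ipaddress.ip_network("2001:db8:100::/40")]
TRUSTED_V6_SOURCES = [ipaddress.ip_network("2001:db8:ffff::25/128")]
IPV4_BLACKLIST = {
    ipaddress.ip_address("192.0.2.66"),
    ipaddress.ip_address("198.51.100.7"),
}

# Constructed list of connecting peers, as an MTA might see them.
SAMPLE_PEERS = [
    "192.0.2.10", "192.0.2.66", "::ffff:198.51.100.7",
    "2001:db8:1ab::1", "2001:db8:200::1", "2001:db8:200::2",
]


def decide(peer: str) -> str:
    """Return 'accept', 'reject-blacklisted' or 'reject-ipv6-untrusted'."""
    addr = ipaddress.ip_address(peer)
    # An IPv4 client on a dual-stack listener can show up as ::ffff:a.b.c.d.
    # Unwrap it so it is judged by the IPv4 blacklist, not the IPv6 rule.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 4:
        return "reject-blacklisted" if addr in IPV4_BLACKLIST else "accept"
    # Native IPv6: no per-address reputation is consulted; only customer
    # prefixes and explicitly trusted sources are allowed through.
    allowed = CUSTOMER_V6_PREFIXES + TRUSTED_V6_SOURCES
    if any(addr in net for net in allowed):
        return "accept"
    return "reject-ipv6-untrusted"


def triage(peers):
    """Summarise decisions for a batch of connecting peers."""
    return Counter(decide(p) for p in peers)


if __name__ == "__main__":
    for peer in SAMPLE_PEERS:
        print(f"{peer:24} {decide(peer)}")
    print(dict(triage(SAMPLE_PEERS)))
```

Because the IPv6 rule matches on prefixes rather than individual addresses, a sender rotating through fresh addresses in an unlisted range is rejected every time without the blacklist ever having to learn them.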

Email is a two-way communication protocol (unlike web browsing), so legitimate IPv6 mail servers, outside of academia and testing environments, will need to support IPv4 for some years. "Relatively speaking, there are very few real mail servers in the world, so the starvation of IPv4 will not affect them much because there will for a very long time be a resale market in the IPv4 address space," Wood added.

Wood told El Reg that although the move to IPv6 is a bit of a headache for spam-filtering, it might also make life harder for hackers hoping to take advantage of open relays to distribute spam or mount other types of security attacks.

"While the arrival of IPv6 is likely to eliminate the usefulness of traditional IP-based blacklists, it is also likely to reduce the issues that arise from port-scanning of open relays and other vulnerabilities," Wood explained. "The IPv6 address space is so large it wouldn't be scalable from the bad-guys perspective – the returns will diminish over time." ®

* Although the last big blocks of IPv4 address space were allocated last month, there is plenty of assigned but unused space, estimated to be as high as 50 per cent by some experts. That means the resale market for IPv4 addresses is likely to last several years, at minimum.
